Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-error and combinations of EDEs and RCODEs
Tony Finch <dot@dotat.at> Fri, 13 September 2019 20:01 UTC
Return-Path: <dot@dotat.at>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14F75120132 for <dnsop@ietfa.amsl.com>; Fri, 13 Sep 2019 13:01:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JgqH-tJMPQMl for <dnsop@ietfa.amsl.com>; Fri, 13 Sep 2019 13:01:35 -0700 (PDT)
Received: from ppsw-43.csi.cam.ac.uk (ppsw-43.csi.cam.ac.uk [131.111.8.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99EB8120118 for <dnsop@ietf.org>; Fri, 13 Sep 2019 13:01:35 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus
Received: from grey.csi.cam.ac.uk ([131.111.57.57]:33080) by ppsw-43.csi.cam.ac.uk (ppsw.cam.ac.uk [131.111.8.139]:25) with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1i8rl7-000PTr-nn (Exim 4.92.2) for dnsop@ietf.org (return-path <dot@dotat.at>); Fri, 13 Sep 2019 21:01:33 +0100
Date: Fri, 13 Sep 2019 21:01:33 +0100
From: Tony Finch <dot@dotat.at>
To: dnsop@ietf.org
In-Reply-To: <AACC9277-D817-4384-99D9-4F65EE809F0C@dukhovni.org>
Message-ID: <alpine.DEB.2.20.1909132047400.5352@grey.csi.cam.ac.uk>
References: <EA557043-34D1-43EA-B750-4A17CFC6BE50@icann.org> <ybl36h4aj8x.fsf@w7.hardakers.net> <AFE92D06-8418-4451-A827-D5656C83B796@icann.org> <yblzhjbeova.fsf@w7.hardakers.net> <067589D2-8E7E-47FA-867C-72E266A55D6D@icann.org> <CADyWQ+EB-eotvTdYwNv5Oo4=-mibdgEgpkQ3yh37orAwp-AgWg@mail.gmail.com> <ybly2yubfnp.fsf@w7.hardakers.net> <21136294-FDFD-4A99-9529-E79C45E79535@icann.org> <yblzhja9kz3.fsf@w7.hardakers.net> <3AC375B1-D858-4577-AEBE-4BB7CD40C241@icann.org> <1878161734.14716.1568306548325@appsuite-gw1.open-xchange.com> <0C5DC6B2-E9C5-46A6-B0BA-12830A405DD2@dukhovni.org> <775d97e3-65b0-832a-6118-a3c64d872539@bellis.me.uk> <F7A157E6-9773-4B6F-90C8-761D1B3CFC00@icann.org> <AACC9277-D817-4384-99D9-4F65EE809F0C@dukhovni.org>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/pTZXm1c7P-p2AcQXVcVn0GRL0AA>
Subject: Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-error and combinations of EDEs and RCODEs
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 20:01:37 -0000
Some questions about the intended meanings... 3.6. Extended DNS Error Code 5 - DNSSEC Indeterminate If I remember correctly, there isn't a consistent definition of what "indeterminate" means. Perhaps it's worth adding a reference to the intended definition. [ actually maybe all the codes could have citations to where the error cases are mentioned in existing specifications, perhaps with a comment that the citations are not intended to be exhausive ] 3.5. Extended DNS Error Code 4 - Forged Answer 3.16. Extended DNS Error Code 15 - Blocked 3.17. Extended DNS Error Code 16 - Censored 3.19. Extended DNS Error Code 18 - Filtered I don't understand the shades of meaning that these are supposed to distinguish. wrt "filtered", the description implies vaguely RPZ flavoured filtering, but it mentions a REFUSED RCODE which isn't what a sensible implementation would use for that purpose, so I am more confused. 3.18. Extended DNS Error Code 17 - Prohibited If I understand correctly, the four above are about the qname whereas this is about the client? The ordering is a bit confusing. 3.21. Extended DNS Error Code 20 - Lame This needs to be split into two: server doesn't know about the zone queried for (typically RCODE=REFUSED), and server knows about the zone but it has expired (typically RCODE=SERVFAIL). Resolvers handling RD=0 queries typically answer from cache or would answer REFUSED/Prohibited, I would have thought. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ Hebrides, Bailey: West, backing south for a time, 4 to 6, increasing 7 to severe gale 9, occasionally storm 10 in Hebrides. Rough or very rough, becoming high or very high. Rain or showers. Good, becoming moderate or poor.
- [DNSOP] Comments on draft-ietf-dnsop-extended-err… Paul Hoffman
- Re: [DNSOP] Comments on draft-ietf-dnsop-extended… Wes Hardaker
- [DNSOP] draft-ietf-dnsop-extended-error and combi… Paul Hoffman
- Re: [DNSOP] draft-ietf-dnsop-extended-error and c… Wes Hardaker
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Paul Hoffman
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Tim Wicinski
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Evan Hunt
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Paul Hoffman
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Wes Hardaker
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Paul Hoffman
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Wes Hardaker
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Paul Hoffman
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Vittorio Bertola
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Viktor Dukhovni
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Ray Bellis
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Paul Hoffman
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Viktor Dukhovni
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Tony Finch
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Vladimír Čunát
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Eric Orth
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Wes Hardaker
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Wes Hardaker
- Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-e… Tony Finch